Vulnerability Development mailing list archives
Editing your ISP Account Details
From: Ankit Fadia <ankit () BOL NET IN>
Date: Thu, 26 Oct 2000 21:56:55 +0530
I don't know whether this has come up earlier or not. But recently, I discovered a security loophole exisiting in Netscape Enterprise (Atleast, haven't tested on other OS's.) which allows any person having an account on that server to edit account details like Contact Information etc, even if the sysadmin does not want normal users to do so. This can lead to disastorous results, when applied to ISP's running the affected Operating Systems. This would mean that people can commit crimes, change their contact details in their ISP Database and get away scott free, as the contact details do not lead to the actual culprits. I would like to get your feedback on this issue and correct me wherever, I have gone wrong. I have attached the entire process for you to see. Have a Nice Day, Ankit Fadia Founder, Hacking Truths http://hackingtruths.box.sk
Current thread:
- Editing your ISP Account Details Ankit Fadia (Oct 27)
- Re: Editing your ISP Account Details Steve Mosher (Oct 29)
- <Possible follow-ups>
- Re: Editing your ISP Account Details amonotod (Oct 29)